<div>
  A cross site request forgery (or CSRF/XSRF) is an exploit that enables
  an unauthorized third party to take actions on a web site as you. In Hudson,
  this could allow someone to delete jobs, builds or change Hudson's configuration.
  <p>
  When this option is enabled, Hudson will check for a generated nonce value, or
  "crumb", on any request that may cause a change on the Hudson server. This
  includes any form submission and calls to the remote API.
  <p>
  More information about CSRF exploits can be found <a href="http://www.owasp.org/index.php/Cross-Site_Request_Forgery">here</a>.
</div>
